Enacts the "Electronic Fund Transfer Privacy Act"; provides privacy protection for consumers engaging in electronic fund transfer transactions by limiting disclosure of personal information about any consumer involved in such and limiting the circumstances in which government authority may get such information; outlines procedures and limitations for obtaining such information and civil penalties for violations.
STATE OF NEW YORK
________________________________________________________________________
7223
2013-2014 Regular Sessions
IN ASSEMBLY
May 8, 2013
___________
Introduced by M. of A. JACOBS -- read once and referred to the Committee
on Banks
AN ACT to amend the general business law, in relation to restricting the
disclosure of personal information contained in electronic fund trans-
fers
The People of the State of New York, represented in Senate and Assem-bly, do enact as follows:
1 Section 1. The general business law is amended by adding a new article
2 24-D to read as follows:
3 ARTICLE 24-D
4 ELECTRONIC FUND TRANSFER PRIVACY ACT
5 Section 375. Short title.
6 375-a. Definitions.
7 375-b. Expectation of confidentiality.
8 375-c. Disclosure to a government authority; court order.
9 375-d. Civil remedies.
10 375-e. Separability clause; construction.
11 § 375. Short title. This article shall be known and may be cited as
12 the "electronic fund transfer privacy act".
13 § 375-a. Definitions. As used in this article, unless the context
14 otherwise requires:
15 (a) "Access device" means a card, code or other means of access to the
16 consumer's account, or any combination thereof, that may be used by the
17 consumer for the purpose of initiating electronic fund transfers.
18 (b) "Account" means a demand, time or savings deposit, or other
19 consumer asset account, other than an occasional or incidental credit
20 balance, held either directly or indirectly by a financial institution
21 and established for personal, family or household purposes.
22 (c) "Consumer" means a natural person.
23 (d) "Electronic fund transfer" means any transfer of funds, other than
24 a transaction originated by check, draft, or similar paper instrument,
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[] is old law to be omitted.
LBD03169-01-3
A. 7223 2
1 which is initiated through an electronic branch, telephone instrument,
2 or computer or magnetic tape or point-of-sale terminal so as to order,
3 instruct or authorize a financial institution to debit or credit an
4 account. Such term includes but is not limited to point-of-sale trans-
5 fers, automated teller machine transactions, direct deposit or with-
6 drawals of funds and transfers initiated by telephone.
7 (e) "Financial institution" means a state or national bank, a state or
8 federal savings and loan association, a state or federal mutual savings
9 bank, a co-operative bank, a state or federal credit union, or any other
10 person who, directly or indirectly, holds an account belonging to a
11 consumer. The term also includes any person who issues an access device
12 and agrees with a consumer to provide electronic fund transfer services.
13 (f) "Government authority" means any federal, state, or local unit of
14 government or any agency or instrumentality thereof.
15 (g) "Item" means any instrument for the payment of money, whether or
16 not it is negotiable and whether or not it takes a paper form.
17 (h) "Person" means a natural person, partnership, corporation, associ-
18 ation, government authority, or other legal entity.
19 (i) "Personally identifiable information" means any information that
20 identifies any individual as a consumer having an account affected by an
21 electronic fund transfer or that otherwise provides information about
22 that individual, his account and the electronic fund transfer.
23 § 375-b. Expectation of confidentiality. (a) No financial institution,
24 or its officers, employees or agents, may disclose the existence,
25 location, date, time, contents, effect or meaning of any item involved
26 in an electronic fund transfer made by a consumer except to:
27 (1) the consumer making the transfer;
28 (2) any other person who is a party to the electronic fund transfer or
29 is necessary to effectuate the transfer, but only to the extent that the
30 information is necessary to effectuate the transfer;
31 (3) an officer, employee or agent of the financial institution holding
32 the consumer's account affected by the transfer for the sole purpose of
33 servicing the account relationship, but only to the extent actually
34 necessary;
35 (4) a person authorized by law to have access to the records of the
36 financial institution in the course of such person's official duties;
37 (5) any supervisory or regulatory agency in the exercise of its super-
38 visory or regulatory function or disclosure that is otherwise required
39 by any law or regulation of such an agency;
40 (6) a government authority pursuant to a court order as provided for
41 in section three hundred seventy-five-c of this article; or
42 (7) pursuant to the written authorization of the consumer making the
43 transfer; provided, however, that such authorization shall not remain in
44 effect longer than forty-five days.
45 (b) No financial institution may sell or otherwise disclose lists
46 containing personally identifiable information concerning consumers
47 using electronic fund transfer systems.
48 (c) Any person receiving personally identifiable information pursuant
49 to subdivision (a) of this section shall not redisclose that information
50 to another person unless authorized to do so by law.
51 (d) Each financial institution shall maintain reasonable procedures
52 acceptable to the department of financial services designed to prevent
53 any disclosure, other than a disclosure permitted by subdivision (a) of
54 this section, of personally identifiable information relating to an
55 electronic fund transfer. If a financial institution becomes aware of an
56 unauthorized disclosure, it shall, not later than three days after
A. 7223 3
1 obtaining such knowledge, disclose to the applicable consumer by regis-
2 tered mail, return receipt requested, the fact of the occurrence of the
3 unauthorized disclosure and the particulars thereof known to the service
4 provider or to the financial institution.
5 (e) No person may obtain personally identifiable information relating
6 to any electronic fund transfer originated by or addressed to a consumer
7 except as provided in subdivision (a) of this section.
8 (f) A financial institution may not incorporate its electronic fund
9 transfer system lines with any other electronic fund transfer system for
10 the purpose of ascertaining the physical location of a consumer using an
11 electronic fund transfer system at the time of effecting a transfer.
12 (g) Nothing in this section shall preclude a banking institution from
13 notifying appropriate officials of suspected violations of law. Provided
14 however, that any access to customer records by a law enforcement agency
15 or official thereof shall be governed by section three hundred seventy-
16 five-c of this article.
17 § 375-c. Disclosure to a government authority; court order. A finan-
18 cial institution may disclose personally identifiable information relat-
19 ing to an electronic fund transfer if:
20 (a) The financial institution is served with a search warrant which
21 particularly describes the information or material required to be
22 disclosed. In such event the financial institution shall (1) disclose
23 only the information and material thus described and (2) unless the
24 warrant expressly provides to the contrary, immediately notify in writ-
25 ing the individual or entity involved that such disclosure has been
26 made;
27 (b) The financial institution is served with a subpoena which partic-
28 ularly describes the information or material required to be disclosed.
29 In such event, unless otherwise provided by court order, or unless the
30 subpoena states on its face that it is served on behalf of a judgment
31 creditor seeking to enforce a judgment which has been entered and
32 remains unsatisfied, the financial institution shall not comply with
33 such subpoena until expiration of seven days after it shall have
34 provided the individual or entity involved with written notice of such
35 subpoena, which notice shall be provided immediately upon receipt of
36 such subpoena. Such seven day period shall be measured from the date of
37 mailing by first class mail by the financial institution of the required
38 notification;
39 (c) Notwithstanding the foregoing if the search warrant or subpoena
40 provides that the information requested shall be produced in a court,
41 such disclosure may be made prior to the expiration of such seven day
42 period in compliance with the terms of the search warrant or subpoena.
43 § 375-d. Civil remedies. (a) A consumer aggrieved by violation of
44 this article may maintain a civil action for damages and for equitable
45 relief.
46 (b) Any person who discloses personally identifiable information in
47 violation of this article or who otherwise engages in conduct in
48 violation of this article shall be liable to the aggrieved consumer
49 acting either in an individual capacity or as the member of a class for
50 an amount equal to the sum of:
51 (1) any actual damages sustained by the consumer or one hundred
52 dollars, whichever is greater, as a result of the disclosure;
53 (2) in the case of any successful action for damages, the plaintiff's
54 reasonable attorney's fees and other costs of litigation reasonably
55 incurred.
A. 7223 4
1 (c) In any civil action brought under this section in which the plain-
2 tiff or plaintiffs have substantially prevailed, the court, in addition
3 to any actual damages or equitable relief, may award such punitive
4 damages as may be warranted.
5 (d) No action under this section shall be brought later than two years
6 from the date of the discovery of the violation, but in no case shall
7 such an action be brought later than seven years from the date of the
8 violation.
9 § 375-e. Separability clause; construction. (a) If any provision of
10 this article or the application thereof is held invalid, the remainder
11 of this article and the application of any provision to other persons or
12 circumstances shall not be affected thereby.
13 (b) This article shall be liberally construed to effect the purposes
14 thereof.
15 § 2. This act shall take effect on the first of January next succeed-
16 ing the date on which it shall have become a law.